Multiple WebmasterSite Products Remote Command Execution Vulnerability
BID:30572
Info
Multiple WebmasterSite Products Remote Command Execution Vulnerability
| Bugtraq ID: | 30572 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2008 12:00AM |
| Updated: | Aug 06 2008 08:36PM |
| Credit: | otmorozok428 |
| Vulnerable: |
Webmastersite WSN Links 4.1.44 Webmastersite WSN Knowledge Base 4.1.36 Webmastersite WSN Gallery 4.1.30 Webmastersite WSN Forum 4.1.43 |
| Not Vulnerable: | |
Discussion
Multiple WebmasterSite Products Remote Command Execution Vulnerability
Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.
Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.
This issue affects the following products:
WSN Forum 4.1.43
WSN Knowledge Base 4.1.36
WSN Links 4.1.44
WSN Gallery 4.1.30
Note that previous versions may also be vulnerable.
Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.
Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.
This issue affects the following products:
WSN Forum 4.1.43
WSN Knowledge Base 4.1.36
WSN Links 4.1.44
WSN Gallery 4.1.30
Note that previous versions may also be vulnerable.
Exploit / POC
Multiple WebmasterSite Products Remote Command Execution Vulnerability
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
Multiple WebmasterSite Products Remote Command Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple WebmasterSite Products Remote Command Execution Vulnerability
References:
References:
- Vendor Homepage (WebmasterSite.net)